3402 matches found
CVE-2025-62340
HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity...
CVE-2025-62340
HCL iControl is affected by CVE-2025-62340 (Inadequate Session Timeout). The vulnerability is a failure of the web application to automatically terminate user sessions after a period of inactivity. According to the provided sources, the affected product is HCL iControl, with impact described as C...
PT-2026-50376
Name of the Vulnerable Software and Affected Versions HCL iControl affected versions not specified Description HCL iControl is affected by an inadequate session timeout issue. This occurs when a web application fails to automatically terminate user sessions after a period of inactivity, potential...
PT-2026-50599
Name of the Vulnerable Software and Affected Versions org.hl7.fhir.dstu2 affected versions not specified Description An incomplete patch in the org.hl7.fhir.dstu2 module allows an unauthenticated attacker to cause a Regular Expression Denial of Service ReDoS. While other modules were updated to...
EUVD-2026-37012
Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRPC.Server.Adapters.Cowboy.Handler':readfullbody/3...
CVE-2026-45416 Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates...
CVE-2026-47197
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...
CVE-2026-47197
CVE-2026-47197 concerns the Quest Bot for Discord. Before version 1.1.6, a moderator who has the relevant Discord permission can use the bot to moderate users who are higher in the Discord role hierarchy, provided the bot itself outranks the target. This bypasses Discord’s normal role hierarchy p...
CVE-2026-47197 Quest Bot: Discord moderation role hierarchy bypass in ban, kick, mute, unmute, warn, and nickname commands
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, a moderator with the relevant Discord permission bit can use the bot to moderate users above them in the Discord role hierarchy, as long as the bot itself outranks the target. This bypasses Discord’s normal role hierarchy protections...
CVE-2026-45802
CVE-2026-45802 affects FPDI, a PHP library that reads pages from existing PDFs to use as templates in FPDF. The issue, present in versions prior to 2.6.7, allows an attacker to upload a small malicious PDF that exhausts memory or triggers script timeouts, causing the server-side process to crash ...
CVE-2026-47213
Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...
Improper Resource Shutdown or Release
Overview @boxlite-ai/boxlite is a BoxLite - Embeddable micro-VM runtime for secure, isolated code execution Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the...
Improper Resource Shutdown or Release
Overview boxlite is a Python bindings for Boxlite runtime Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the catchable SIGALRM signal instead of the uncatchable...
Improper Resource Shutdown or Release
Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the catchable SIGALRM signal instead of the uncatchable SIGKILL signal. An attacker can cause resource...
EUVD-2026-36197
Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...
CVE-2026-47213 BoxLite: Timeout Bypass Vulnerability
Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...
CVE-2026-47213 BoxLite: Timeout Bypass Vulnerability
Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...
CVE-2026-47213
Summary (CVE-2026-47213 / BoxLite) BoxLite’s execution timeout mechanism is vulnerable due to sending SIGALRM (catchable) to terminate a timed process instead of SIGKILL (uncatchable). The Timeout watcher invokes a sleep, then calls kill with SIGALRM, while the code comments indicate SIGKILL shou...
Fedora 44 : tailscale (2026-07897c0238)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-07897c0238 advisory. - update to 1.98.4 - Allow nftables to satisfy firewall dependency in lieu of iptables rhbz2453924 - Fix 45s timeout on shutdowns in certain cases...
Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes
SslClientHelloHandler.decode reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates ctx.alloc.bufferhandshakeLength line 161. The guard at line 140 is handshakeLength maxClientHelloLength && maxClientHelloLength != 0, and the...